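---
# Sets the password of an existing account on every targeted host.
#
# Required extra vars:
#   what_user      account whose password is changed
#   what_password  new clear-text password; it is hashed on the controller
#                  and only the hash is handed to the user module
#
# NOTE(review): the guards and the hashing run once (run_once), so this play
# assumes what_user / what_password are play-wide values (e.g. passed with
# -e), not per-host variables - confirm against how the play is invoked.
- name: Set a user's password
  hosts: all
  vars:
    # Vault-encrypted salt for password_hash. A fixed salt keeps the
    # generated hash identical between runs, at the cost that the same
    # password always produces the same hash for every user and host
    # handled by this play. Treat the vault password accordingly.
    password_salt: !vault |
      $ANSIBLE_VAULT;1.1;AES256
      38386463386336393336643934393736633235623939306263663737303130316438343037353135
      6535633737343438393239636230666664666331346564380a613161376237323262613164316564
      65643733373739666165313065383030353664656161393261623762623733353938333964346536
      3064316661323964390a326564613734316162613432396432363737376438323664656666613035
      30386662653266373766613837373534616639383866383732646336373037653430
  tasks:
    - name: "Fail if what_user is not set"
      ansible.builtin.fail:
        msg: "You have to specify the what_user variable"
      when: what_user is not defined
      run_once: true
      delegate_to: 127.0.0.1

    # The original condition tested what_user here as well, so a missing
    # what_password was never caught by this guard.
    - name: "Fail if what_password is not set"
      ansible.builtin.fail:
        msg: "You have to specify the what_password variable"
      when: what_password is not defined
      run_once: true
      delegate_to: 127.0.0.1

    # getent fails the task when the key is absent from the database
    # (fail_key defaults to true), which is what stops the play for an
    # unknown user on a given host.
    - name: Fail if user specified does not exist
      ansible.builtin.getent:
        database: passwd
        key: "{{ what_user }}"

    # password_hash is evaluated on the controller, hence the local install.
    # NOTE(review): this pulls an unpinned package from the index at run
    # time; consider pinning a reviewed version or pre-installing it.
    - name: Ensure passlib is installed locally
      ansible.builtin.pip:
        name: passlib
        extra_args: "--user"
      run_once: true
      delegate_to: 127.0.0.1

    # Hash once, unprivileged, on the controller. no_log keeps the hash
    # (and the templated clear-text input) out of task output and logs.
    - name: Generate password outside root context
      ansible.builtin.set_fact:
        hashed_pass: "{{ what_password | password_hash('sha512', password_salt) }}"
      run_once: true
      delegate_to: 127.0.0.1
      no_log: true

    # Reuses the hash computed above instead of hashing a second time, so
    # the clear-text password is not templated in the privileged task.
    - name: Update user password
      ansible.builtin.user:
        name: "{{ what_user }}"
        password: "{{ hashed_pass }}"
      become: true
      become_method: sudo
      become_user: root
      no_log: true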